[SECURITY] [DLA 476-1] libidn security update

2016-05-17T22:43:49
ID DEBIAN:DLA-476-1:61871
Type debian
Reporter Debian
Modified 2016-05-17T22:43:49

Description

Package : libidn Version : 1.25-2+deb7u1 CVE ID : CVE-2015-2059

It was discovered that libidn, the GNU library for Internationalized Domain Names (IDNs), did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an application using the libidn library.

For Debian 7 "Wheezy", these problems have been fixed in version 1.25-2+deb7u1.

We recommend that you upgrade your libidn packages.


Brian May <bam@debian.org>